From 0d3d853f8414bd383fa1caea8a9322cb7854e5f3 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 16 Nov 2017 14:21:23 +0100
Subject: Fix SSL on Qt5
---
 src/server/net/sslserver.cpp | 39 +++++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)
 (limited to 'src/server/net/sslserver.cpp')
diff --git a/src/server/net/sslserver.cpp b/src/server/net/sslserver.cpp
index 6aefae9..0e0639e 100644
--- a/src/server/net/sslserver.cpp
+++ b/src/server/net/sslserver.cpp
@@ -20,22 +20,21 @@
 #include "certmanager.h"
 #include
-SslServer::SslServer()
+SslServer::SslServer() : QTcpServer(NULL)
 {
 _tmr = startTimer(5123);
- //QSslSocket::setDefaultCiphers(QSslSocket::supportedCiphers());
 }
 SslServer::~SslServer()
 {
- killTimer((_tmr));
+ killTimer(_tmr);
 }
 /**
 * Handle incomming connection.
 * @param socketDescriptor
 */
-void SslServer::incomingConnection(int socketDescriptor)
+void SslServer::incomingConnection(qintptr socketDescriptor)
 {
 static int certFails = 0;
 QSslKey key;
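Review bot: The corrected signature `incomingConnection(qintptr socketDescriptor)` is not guarded against drifting again. With the old `int` parameter the function presumably no longer overrode `QTcpServer::incomingConnection` on Qt5, so incoming sockets would have bypassed the TLS setup in this body. The class declaration is not part of this patch; if it does not already do so, declare it as `void incomingConnection(qintptr socketDescriptor) override;` (or with `Q_DECL_OVERRIDE`) so a mismatch becomes a compile error. The function body continues outside this hunk.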
@@ -49,24 +48,48 @@ void SslServer::incomingConnection(int socketDescriptor)
 }
 QSslSocket *serverSocket = new QSslSocket(NULL);
 connect(serverSocket, SIGNAL(sslErrors(const QList &)), this, SLOT(sslErrors(const QList &)));
+ connect(serverSocket, SIGNAL(disconnected()), this, SLOT(sock_closed()));
+ connect(serverSocket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(sock_error(QAbstractSocket::SocketError)));
 serverSocket->setPrivateKey(key);
 serverSocket->setLocalCertificate(cert);
 serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
- serverSocket->setProtocol(QSsl::TlsV1SslV3);
- //printf("Keylen %d\n", serverSocket->privateKey().length());
+ serverSocket->setProtocol(QSsl::SecureProtocols);
 if (serverSocket->setSocketDescriptor(socketDescriptor)) {
 // Once the connection is successfully encrypted, raise our newConnection event
+ connect(serverSocket, &QSslSocket::encrypted, [=]() {
+ disconnect(serverSocket, SIGNAL(sslErrors(const QList &)), this, SLOT(sslErrors(const QList &)));
+ disconnect(serverSocket, SIGNAL(disconnected()), this, SLOT(sock_closed()));
+ disconnect(serverSocket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(sock_error(QAbstractSocket::SocketError)));
+ });
 connect(serverSocket, SIGNAL(encrypted()), this, SIGNAL(newConnection()));
 serverSocket->startServerEncryption();
 _pending.push_back(serverSocket);
 } else {
+ qDebug() << "Failed to setSocketDescriptor on new SSL Socket";
 serverSocket->deleteLater();
 }
 }
-void SslServer::sslErrors(const QList & /* errors */ )
+void SslServer::sslErrors(const QList &errors)
 {
- //qDebug("FIXME: SSL ERRORS on SERVER: %s", qPrintable(errors.begin()->errorString()));
+ /*
+ qDebug() << "Client caused sslErrors before connection:";
+ for (QList::const_iterator it = errors.begin(); it != errors.end(); it++) {
+ qDebug() << it->errorString();
+ }
+ */
+}
+
+void SslServer::sock_closed()
+{
+ qDebug() << "Client closed connection before SSL handshake completed.";
+ sender()->deleteLater();
+}
+
+void SslServer::sock_error(QAbstractSocket::SocketError err)
+{
+ qDebug() << "Client error before SSL handshake completed: " << err;
+ sender()->deleteLater();
 }
 void SslServer::timerEvent(QTimerEvent* /* event */ )
--
cgit v1.2.3-55-g7522
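Review bot: The new `sock_closed()` and `sock_error()` slots call `sender()->deleteLater()` on a socket that `incomingConnection()` has already stored with `_pending.push_back(serverSocket)`, and nothing in this hunk removes that entry again. A client that disconnects or errors out before the handshake completes therefore appears to leave a dangling pointer in `_pending`. How `_pending` is consumed (for example in `timerEvent()`, whose body is outside this hunk) is not visible, but any later dereference there would be a use-after-free reachable before authentication. Drop the entry before scheduling deletion in both slots, e.g. `_pending.removeAll(static_cast<QSslSocket*>(sender()));` if `_pending` is a `QList`. The `encrypted` lambda also captures `this` through `[=]` without a context object; `connect(serverSocket, &QSslSocket::encrypted, this, [=]() { ... });` would disconnect it automatically if the server is destroyed first.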